From c9cbeced5b3f2bdd7407e29c0811e65954132540 Mon Sep 17 00:00:00 2001 From: Root THC Date: Tue, 24 Feb 2026 12:42:47 +0000 Subject: initial --- other/b-scan/tmp/src/Makefile | 88 ++++ other/b-scan/tmp/src/arpg.c | 78 ++++ other/b-scan/tmp/src/bscan.c | 851 +++++++++++++++++++++++++++++++++++++ other/b-scan/tmp/src/cf_prse.l | 172 ++++++++ other/b-scan/tmp/src/dcd_icmp.c | 166 ++++++++ other/b-scan/tmp/src/garage.c | 508 ++++++++++++++++++++++ other/b-scan/tmp/src/module.c | 214 ++++++++++ other/b-scan/tmp/src/network_raw.c | 497 ++++++++++++++++++++++ other/b-scan/tmp/src/restore.c | 263 ++++++++++++ other/b-scan/tmp/src/signal.c | 72 ++++ other/b-scan/tmp/src/snarf.c | 211 +++++++++ other/b-scan/tmp/src/system.c | 349 +++++++++++++++ other/b-scan/tmp/src/test_garage.c | 99 +++++ other/b-scan/tmp/src/tty.c | 116 +++++ 14 files changed, 3684 insertions(+) create mode 100644 other/b-scan/tmp/src/Makefile create mode 100644 other/b-scan/tmp/src/arpg.c create mode 100644 other/b-scan/tmp/src/bscan.c create mode 100644 other/b-scan/tmp/src/cf_prse.l create mode 100644 other/b-scan/tmp/src/dcd_icmp.c create mode 100644 other/b-scan/tmp/src/garage.c create mode 100644 other/b-scan/tmp/src/module.c create mode 100644 other/b-scan/tmp/src/network_raw.c create mode 100644 other/b-scan/tmp/src/restore.c create mode 100644 other/b-scan/tmp/src/signal.c create mode 100644 other/b-scan/tmp/src/snarf.c create mode 100644 other/b-scan/tmp/src/system.c create mode 100644 other/b-scan/tmp/src/test_garage.c create mode 100644 other/b-scan/tmp/src/tty.c (limited to 'other/b-scan/tmp/src') diff --git a/other/b-scan/tmp/src/Makefile b/other/b-scan/tmp/src/Makefile new file mode 100644 index 0000000..6deefc4 --- /dev/null +++ b/other/b-scan/tmp/src/Makefile @@ -0,0 +1,88 @@ +# +# Makefile of (m)bscan v0.0, skyper +# Massiv Banner Scanner +# + +CC=gcc +COPT=-Wall -ggdb -I../include -I/usr/include/pcap -static +LEX=flex +LEXOPT= +OBJS=bscan.o arpg.o snarf.o network_raw.o restore.o +OBJS2=tty.o system.o signal.o dcd_icmp.o garage.o cf_prse.o module.o +SUPOBJ=../support/hpuxdl.o ../support/snprintf.o +TARGET=bscan +INDENT=indent +INDENT_OPT=-bap -nbc -bbo -bl -bli0 -bls -ncdb -nce -cp1 -cs -di2 -ndj -nfc1 -nfca -hnl -i4 -ip5 -lp -psl -nsc -nsob + +# LINUX +####### +LOPT=-export-dynamic +DEFS=`libnet-config --defines` -DHAVE_DLSYM -D_SVID_SOURCE #-DDEBUG +LIBS=-lpcap -ldl -lm `libnet-config --libs` -lpthread + +# SunOS 5.7/5.8 + gcc +##################### +#LOPT=-export-dynamic +#DEFS=`libnet-config --defines` -DHAVE_DLSYM #-DDEBUG +#LIBS=-lpcap -ldl -lm `libnet-config --libs` -lpthread + +# HP-UX 11.00 +############# +#LOPT=-Xlinker -E +#DEFS=`libnet-config --defines` -DHAVE_DLSYM #-DDEBUG +#LIBS=-lpcap -ldld -lm `libnet-config --libs` -lpthread + +# HP-UX 10.20 +# HP-UX 10.20 is not supported. You need snprintf.c and +# some hacks to use IP_HDRINCL and the kernel patches +# to access the link_layer interface. +############# +#LOPT=-Xlinker -E +#DEFS=`libnet-config --defines` -DHAVE_DLSYM -DHP10 #-DDEBUG +#LIBS=-lpcap -ldld -lm `libnet-config --libs` -lpthread + +# OpenBSD +######### +#LOPT= +#DEFS=`libnet-config --defines` -DHAVE_DLSYM #-DDEBUG +#LIBS=-lpcap -lm `libnet-config --libs` -lpthread + +all: $(SUPOBJ) $(OBJS2) $(OBJS) + $(CC) $(SUPOBJ) $(OBJS) $(OBJS2) $(LOPT) $(LIBS) $(COPT) -o $(TARGET) + +cf_prse.o: + $(LEX) $(LEXOPT) -ocf_prse.c cf_prse.l + $(CC) $(COPT) -c cf_prse.c + +dcd_icmp.o: dcd_icmp.c + $(CC) $(COPT) -c dcd_icmp.c + +garage.o: garage.c + $(CC) $(COPT) -c garage.c + +module.o: module.c + $(CC) $(COPT) $(DEFS) -c module.c + +system.o: system.c + $(CC) $(COPT) -c system.c + +tty.o: tty.c + $(CC) $(COPT) -c tty.c + +signal.o: signal.c + $(CC) $(COPT) -c signal.c + +../support/hpuxdl.o: ../support/hpuxdl.c + $(MAKE) -C ../support + +../support/snprintf.o: ../support/snprintf.c + $(MAKE) -C ../support + +.c.o: + $(CC) $(COPT) $(DEFS) -c $< + +clean: + rm -f $(OBJS) $(OBJS2) $(TARGET) cf_prse.c core *~ + +indent: + $(INDENT) $(INDENT_OPT) *.c *.h diff --git a/other/b-scan/tmp/src/arpg.c b/other/b-scan/tmp/src/arpg.c new file mode 100644 index 0000000..0c8a620 --- /dev/null +++ b/other/b-scan/tmp/src/arpg.c @@ -0,0 +1,78 @@ +/* + * bscan arp routine + */ +#include +#include +#include + + + +void +prepare_libnet (struct _libnet *lnet) +{ + + if (lnet->device == NULL) + { + struct sockaddr_in sin; + if (libnet_select_device (&sin, &lnet->device, lnet->err_buf) == -1) + libnet_error (LIBNET_ERR_FATAL, + "libnet_select_device failed: %s\n", lnet->err_buf); + } + + if ( + (lnet->network = + libnet_open_link_interface (lnet->device, lnet->err_buf)) == NULL) + libnet_error (LIBNET_ERR_FATAL, + "libnet_open_link_interface '%s': %s\n", lnet->device, + lnet->err_buf); + + + lnet->packet_size = 60; /* min ethernet frame length -4 CRC */ + if (libnet_init_packet (lnet->packet_size, &lnet->packet) == -1) + libnet_error (LIBNET_ERR_FATAL, "libnet_init_packet failed\n"); + +} + +/* + * play arp-god: sends out arp-reply + * return: same as libnet_write_link_layer + * -1 on failure or bytes written + */ +int +play_arpg (struct _libnet *lnet, u_char spf_sip[4], u_char spf_smac[6], + u_char spf_dip[4], u_char spf_dmac[6]) +{ + int c; + +#ifdef DEBUG + printf ("sending out arp\n"); +#endif + libnet_build_ethernet (spf_dmac, + spf_smac, ETHERTYPE_ARP, NULL, 0, lnet->packet); + + libnet_build_arp (ARPHRD_ETHER, ETHERTYPE_IP, /* arp for which protocol ? */ + 6, /* hardware addr. length */ + 4, /* protocol addr. length */ + ARPOP_REPLY, spf_smac, spf_sip, spf_dmac, spf_dip, NULL, /* packet payload */ + 0, /* length of payload */ + lnet->packet + LIBNET_ETH_H); + + c = + libnet_write_link_layer (lnet->network, lnet->device, lnet->packet, + lnet->packet_size); + if (c < lnet->packet_size) + { + libnet_error (LN_ERR_WARNING, + "libnet_write_link_layer only wrote %d bytes\n", c); + } +#ifdef DEBUG + else + { + printf ("construction and injection completed, wrote all %d bytes\n", + c); + } +#endif + + return (c); +} + diff --git a/other/b-scan/tmp/src/bscan.c b/other/b-scan/tmp/src/bscan.c new file mode 100644 index 0000000..ed49d1b --- /dev/null +++ b/other/b-scan/tmp/src/bscan.c @@ -0,0 +1,851 @@ +/* + * This is unpublished proprietary source code. + * + * The contents of these coded instructions, statements and computer + * programs may not be disclosed to third parties, copied or duplicated in + * any form, in whole or in part, without the prior written permission of + * the author. + * (that includes you hack.co.za and other lame kid sites who dont + * get the point what hacking is about. damn kids.) + * + * (C) COPYRIGHT by me, 2000 + * All Rights Reserved + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_DLSYM +extern const int modcount; +extern const struct _mods mods[MAX_MODULES]; +#endif + +unsigned char packet[1024]; +struct _opt *opt; + +#define OPTS "XOVhavr:C:L:M:m:l:d:p:i:s:f:o:" + +static unsigned long int gennextip (void); +static unsigned long int gennext_spreadip (void); +static unsigned long int gennext_random (void); + +/* + * make static mac entry in arp-table. + * We use system() here [setting mac entry is heavily system dependent] + */ +int +setarp (uint32_t ip, u_char * mac) +{ + char buf[128]; + u_char *p = (u_char *) mac; + + snprintf (buf, sizeof (buf) - 1, + "arp -s %s %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x", int_ntoa (ip), + p[0], p[1], p[2], p[3], p[4], p[5]); + /* put all your IFL fun in here ! this is the major security hole + you were looking for.... */ + + return (system (buf)); +} + + +/* + * delete the mac entry from the arp-table. + * we use system() again + */ +int +unsetarp (uint32_t ip) +{ + char buf[128]; + + snprintf (buf, sizeof (buf) - 1, "arp -d %s", int_ntoa (ip)); + /* put all your IFL fun in here ! this is the major security hole + you were looking for.... */ + + return (system (buf)); +} + + +static void +usage (int code, char *fmt, ...) +{ + char buf[1024]; + va_list ap; + u_char *p = (u_char *) opt->spf_smac; + int c; + + printf (VERSION "\n"); + printf (" b-scan -s [options] ...\n"); + printf (" format of :\n"); + printf (" , 10.23.0.1 or\n"); + printf (" -, 10.23.0.1-10.23.255.254 or\n"); + printf (" , 10.23.0.1/16\n\n"); + printf ("Options:\n"); + printf (" -r \n"); +#ifdef HAVE_DLSYM + printf (" -L \n"); +#endif + printf (" -f \n"); + printf (" -s \n"); + printf (" -m , make a static arp-entry and spoof from this mac.\n"); + printf + (" -M , dont make the static arpentry but spoof from this mac.\n"); + printf (" Add the mac to your arp-table manually (arp -s ip mac),\n"); + printf (" If no mac is given default mac is used:\n"); + printf (" MAC : %x:%x:%x:%x:%x:%x\n", p[0], p[1], p[2], p[3], p[4], + p[5]); + printf (" -i , default eth0\n"); + printf + (" -X spreadmode [non-sequential, experimental but recommended]\n"); + printf (" -O output ip's, dont scan\n"); + printf + (" -l limit packets per second, default 1000, 0 = unlimited\n"); + printf + (" -d w8 delay seconds for outstanding packets, default 10\n"); + printf (" -C \n"); + printf (" -v verbose output\n\n"); + printf ("Example:\n"); + printf ("# bscan -s 10.1.6.6 -i eth2 -L \"modules/mod_banner.so\" -X 2.4.1.0-2.4.9.9\n"); + +#ifdef HAVE_DLSYM + for (c = 0; c < modcount; c++) + mods[c].musage (); +#endif + + if (fmt != NULL) + { + va_start (ap, fmt); + vsnprintf (buf, sizeof (buf) - 1, fmt, ap); + va_end (ap); + fprintf (stderr, "ERROR: %s\n", buf); + } + + exit (code); +} + +/* + * read's next ip from file. + * returns ip in NBO + * returns -1 (eg. 255.255.255.255) on failure + */ +unsigned long int +readnextip (void) +{ + char buf[64]; + + if (opt->ffd == NULL) + { + if ((opt->ffd = fopen (opt->hostfile, "r")) == NULL) + { + perror ("unable to open hostfile"); + return (-1); + } + opt->target = opt->hostfile; + } + fgets (buf, sizeof (buf), opt->ffd); + + return (inet_addr (buf)); +} + +/* + * get next ip in NBO from network/mask + * [could be random order] + * returns -1 [255.255.255.255] if no more ip's + * hint: rfc: "the first and last ip in a subnetwork are reserved" + */ +static unsigned long int +gennextip (void) +{ + + if (opt->ip_pos <= opt->end_ip) + return (htonl (opt->ip_pos++)); + + return (-1); + +} + +/* + * generate next ip in spread-mode + * must: ip.end_ip - ip.start_ip > 2 + */ +static unsigned long int +gennext_spreadip (void) +{ + u_long pos = opt->ip_pos; + + + if ((opt->ip_offset + 1 >= opt->ip_blklen) && (opt->ip_pos > opt->end_ip)) + return (-1); + + if ((opt->ip_pos + opt->ip_blklen > opt->end_ip) + && (opt->ip_offset + 1 < opt->ip_blklen)) + opt->ip_pos = opt->start_ip + (++opt->ip_offset); + else + opt->ip_pos += opt->ip_blklen; + + return (htonl (pos)); + +} + + +static unsigned long int +gennext_random (void) +{ + unsigned long int ip; + + if (opt->random_maxcount != 0) { + if (--opt->random_maxcount == 0) + return (-1); + } + +pitch: + ip = (random () & 0xffff) << 16; + ip |= random () & 0xffff; + + if (((ip & 0xe0000000) >= 0xe0000000) || /* 224.0.0.0/3 */ + ((ip & 0xff000000) == 0x7f000000) || /* 127.0.0.0/8 */ + ((ip & 0xff000000) == 0x0a000000) || /* 10.0.0.0/8 */ + ((ip & 0xffff0000) == 0xc0a80000) || /* 192.168.0.0/16 */ + ((ip & 0xffff0000) == 0xac100000) || /* 172.16.0.0/16 */ + (ip == 0x00000000)) /* 0.0.0.0/32 */ + goto pitch; + + return (htonl (ip)); +} + + +/* + * process all the options and load/init modules + */ +void +do_opt (int argc, char *argv[]) +{ + extern char *optarg; + extern int optind; /*, opterr, optopt;*/ + unsigned short int sp[ETH_ALEN]; + int c; + char do_usage = 0; + + + while ((c = getopt (argc, argv, OPTS)) != -1) + { + switch (c) + { + case 'C': /* process conf file */ + if (readConfFile (optarg)) + { + opt->flags |= FileOpt.flags; + opt->limit = FileOpt.limit; + opt->delay = FileOpt.delay; + opt->nt.src = FileOpt.srcAddr; + opt->lnet.device = FileOpt.device; + for (c = 0; c < 6; c++) + opt->spf_smac[c] = FileOpt.mac[c]; + } + else + fprintf (stderr, "%s is not a valid vonfig file\n", optarg); + break; + case 'L': + break; /* process module stuff AFTER main-opts */ + case 'h': + do_usage = 1; + break; + case 'r': + if (read_restore (optarg) != 0) + { + fprintf (stderr, "unable to read restore file '%s'\n", + optarg); + exit (-1); + } + opt->flags |= OPT_REST; + break; + case 'l': + opt->limit = atoi (optarg); + break; + case 'v': + opt->flags |= OPT_VERB; + break; + case 'X': + opt->flags |= OPT_SPREADSCAN; + break; + case 'O': + opt->flags |= OPT_OUTONLY; /* dont scan, output ip's only */ + break; + case 'm': + opt->flags |= OPT_SETARP; + sscanf (optarg, "%hx:%hx:%hx:%hx:%hx:%hx", &sp[0], &sp[1], &sp[2], + &sp[3], &sp[4], &sp[5]); + for (c = 0; c < 6; c++) + opt->spf_smac[c] = (u_char) sp[c]; + break; + case 'M': + opt->flags &= ~OPT_SETARP; + sscanf (optarg, "%hx:%hx:%hx:%hx:%hx:%hx", &sp[0], &sp[1], &sp[2], + &sp[3], &sp[4], &sp[5]); + for (c = 0; c < 6; c++) + opt->spf_smac[c] = (u_char) sp[c]; + break; + case 'd': + opt->delay = atoi (optarg); + break; + case 'i': + opt->lnet.device = optarg; + break; + case 's': + opt->nt.src = inet_addr (optarg); + break; + case 'f': + opt->hostfile = optarg; + opt->flags |= OPT_HOSTFILE; + break; + case 'V': + printf (VERSION "\n"); + exit (0); + case ':': + usage (0, "parameter missing", c); + break; + default: + break; + usage (0, "unknown option -%c", c); + } + } + + /* + * init modules AFTER processing main-opts + */ +#ifdef HAVE_DLSYM + optind = 1; + while ((c = getopt (argc, argv, OPTS)) != -1) + { + switch (c) + { + case 'L': + loadinit_mod(optarg); + break; + } /* eo switch(c) */ + } /* eo while */ +#endif + if (do_usage != 0) + usage (0, NULL); + + if ((optind < argc) && (!(opt->flags & OPT_REST))) + opt->argvlist = &argv[optind]; + if (opt->flags & OPT_OUTONLY) + opt->delay = 0; + if (opt->nt.src == -1) + usage (0, "you must specify a -s source address"); + if ((opt->argvlist == NULL) && (opt->hostfile == NULL)) + usage (0, "you must specify a -f hostfile or an ip-range"); + +} + +/* + * called via SIGCHLD and w8 for the pid [to destroy last kernel structure] + * OBSOLETE, ###fixme + */ +void +waitchld (int sig) +{ + int status; + wait (&status); /* exit status of the child */ +} + +void +sig_handle_abort (int sig) +{ + + if (pthread_self() != opt->bscantid) + return; + + fprintf (stderr, "Session aborted ...one more to kill process\n"); + signal (sig, die); + opt->flags |= OPT_ABRT; +} + +/* + * generic signal driver :> + */ +void +sigdriver (int sig) +{ + + if (pthread_self() != opt->bscantid) + return; + + if (sig == SIGUSR1) + print_scanstat (stderr); + if ((sig == SIGINT) || (sig == SIGQUIT)) /* ctrl-c */ + sig_handle_abort (sig); +} + +/* + * This function MUST be called on exit (..or use atexit():) + * we have threads. Doesnt matter which thread calls this + * function...do everything and exit() the process + * (kills all threads...not very gentle...but...). + */ +void +die (int sig) +{ + int c = 0; + + print_scanstat (stderr); /* print before cleanup routines...*/ + + if (opt->flags & OPT_ABRT) + if (write_restore () != 0) + perror ("restorefile failed"); + if ((opt->flags & OPT_SETARP) && (unsetarp (opt->nt.src) != 0)) + fprintf (stderr, "unable to unset arpentry. do it manually\n"); +#ifdef HAVE_DLSYM + while (c < modcount) + mods[c++].fini (); +#endif + +#ifdef DEBUG + printf ("calling exit.\n"); +#endif + + fflush (stdout); + + exit (0); +} + +/* + * reset all vars used during the scan (counters, ...) + * should be called before the call to make_iprange() + * If not...make_iprange thinks we use restore-file + */ +void +reset_vars () +{ + opt->target = NULL; + opt->ipscan_count = 0; + opt->bsent_count = 0; + opt->ip_offset = 0; + opt->ip_blklen = 0; + opt->ip_pos = 0; + opt->start_ip = 0; + opt->end_ip = 0; + opt->snarf.close_c = 0; + opt->snarf.open_c = 0; + opt->snarf.refused_c = 0; + opt->snarf.icmp_c = 0; +} + + +void +init_vars (char **nullptr) +{ + srandom ((unsigned int) time (NULL)); + + if ((opt = calloc (1, sizeof (*opt))) == NULL) + { + perror ("calloc"); + exit (-1); + } + memset (opt, 0, sizeof (struct _opt)); + + opt->bscantid = 0; + opt->snarftid = 0; + opt->packet = packet; + opt->pkg_maxlen = sizeof (packet); + opt->pkg_len = 0; + opt->scan_start.tv_sec = 0; + opt->iptotscan_count = 0; + opt->scan_start.tv_usec = 0; + opt->hostfile = NULL; + opt->limit = 1000; + opt->flags = OPT_SETARP; + opt->ffd = NULL; + opt->argvlist = nullptr; + opt->lnet.device = NULL; /* done by libnet and libpcap */ + memcpy (opt->spf_smac, SPF_SMAC, 6); + opt->nt.src = -1; + opt->nt.dst = -1; + opt->delay = 10; + opt->lnet.device = NULL; + reset_vars (); + + signal (SIGINT, sigdriver); + signal (SIGQUIT, sigdriver); + signal (SIGTERM, die); /* also called by client */ + signal (SIGCHLD, SIG_IGN); + signal (SIGUSR1, sigdriver); +} + +void +print_opt () +{ + u_char *p = (u_char *) opt->spf_smac; + + fprintf (stderr, "Pid : %d\n", getpid()); + fprintf (stderr, "Interface : %s\n", opt->lnet.device); + fprintf (stderr, "Source IP : %s\n", int_ntoa (opt->nt.src)); + fprintf (stderr, "Source MAC : %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n", + p[0], p[1], p[2], p[3], p[4], p[5]); + fprintf (stderr, "pps : %u\n", opt->limit); +} + +/* + * print scanstatistics on filedes + */ +void +print_scanstat (FILE * fd) +{ + char perc = 100; + struct timeval tv2; + time_t timep; + struct tm mytm; + + gettimeofday (&tv2, NULL); + time_diff (&opt->scan_start, &tv2); + if (tv2.tv_sec == 0) + tv2.tv_sec = 1; + timep = tv2.tv_sec; + gmtime_r (&timep, &mytm); + + if ((opt->end_ip - opt->start_ip) != 0) + perc = + (((float) + opt->ipscan_count / (float) (opt->end_ip - + opt->start_ip)) * 100); + + fprintf (fd, + "%2.2d:%2.2d:%2.2d:%2.2d %s %3d%% p/s: %6d [o:%lu r:%lu c:%lu i:%lu]\n", + mytm.tm_yday, mytm.tm_hour, mytm.tm_min, mytm.tm_sec, + opt->target, perc, (int) (opt->iptotscan_count / tv2.tv_sec), + opt->snarf.open_c, opt->snarf.refused_c, opt->snarf.close_c, + opt->snarf.icmp_c); + +} + + +/* + * calculate beginning and end of ip-range + * set start_ip and end_ip and target + */ +void +make_iprange (u_long * network, u_long * netmask, u_long * start_ip, + u_long * end_ip, char *str) +{ + char buf[64]; + char *ptr; + + opt->target = str; + strncpy (buf, str, sizeof (buf)); + buf[sizeof (buf) - 1] = '\0'; + opt->getnextip = NULL; + *start_ip = 0; + + if (strncmp (buf, "random", 6) == 0) { + opt->getnextip = (void *) gennext_random; + if (strchr (buf, ':') != NULL) { + sscanf (strchr (buf, ':') + 1, "%lu", &opt->random_maxcount); + } else { + opt->random_maxcount = 0; + } + return; + } + + /* a.b.c.d/e */ + if (strchr (buf, '/') != NULL) + { + *netmask = 0xffffffff; /* for the lamers who forget the / */ + + if ((ptr = (char *) strrchr (buf, '/')) != NULL) + *netmask = 0xffffffff << (32 - atoi (ptr + 1)); + + if ((ptr = (char *) strchr (buf, '/')) != NULL) + *ptr = '\0'; + + *network = (ntohl (inet_addr (buf)) & *netmask); + *start_ip = (*network & *netmask) + 1; + *end_ip = (*network | ~*netmask) - 1; + if (*netmask >= 0xfffffffe) + (*start_ip)--; + if (*netmask == 0xffffffff) + (*end_ip)++; + } + + /* a.b.c.d - w.x.y.z */ + if ((*start_ip == 0) && ((ptr = (char *) strrchr (buf, '-')) != NULL)) + { + *end_ip = ntohl (inet_addr (ptr + 1)); + *ptr = '\0'; + *start_ip = ntohl (inet_addr (buf)); + } + + /* a.b.c.d */ + if (*start_ip == 0) + { + *end_ip = ntohl (inet_addr (buf)); + *start_ip = ntohl (inet_addr (buf)); + } + + if (opt->ip_pos == 0) /* if != 0 we use restore-file */ + opt->ip_pos = *start_ip; + + /* initialize getnextip-funtion and spread scan variables */ + if ((opt->flags & OPT_SPREADSCAN) && (opt->end_ip - opt->start_ip > 2)) + { + init_spreadscan (opt->end_ip - opt->start_ip); + opt->getnextip = (void *) gennext_spreadip; + } + else + { + opt->getnextip = (void *) gennextip; + } + +} + +/* + * initialize offset for spread-scan + * call make_iprange before + * + * most networks are /24. dont let ip_blklen get to big + */ +void +init_spreadscan (u_long diff) +{ + opt->ip_blklen = (u_long) sqrt (diff); + + if (opt->ip_blklen > 100) /* range is 100^2 large */ + opt->ip_blklen = 257 + opt->ip_blklen * 0.2; /* use a prime# here */ + +} + + +/* + * output the ip's only. dont scan. + */ +void +do_outonly () +{ + uint32_t ip; + + while ((ip = (*opt->getnextip) ()) != -1) + { + opt->ipscan_count++; + printf ("%s\n", int_ntoa (ip)); + } + +} + + +/* + * process a scanrange from argv + * Return -1 if abort + */ +int +process_iprange () +{ + int c = 0; + int ret; +#ifdef HAVE_DLSYM + int mc = 0; +#endif + + while ((opt->nt.dst = (*opt->getnextip) ()) != -1) + { + memset (opt->packet, 0, opt->pkg_maxlen); + + opt->pkg_len = 0; + + if (opt->flags & OPT_VERB) + fprintf (stderr, "scanning %s:%d\n", + int_ntoa (opt->nt.dst), ntohs (opt->nt.dport)); + +#ifdef HAVE_DLSYM + for (mc = 0; mc < modcount; mc++) + { + ret = mods[mc].callmdl (MOD_FIRSTPKG, opt); + if (ret == RMOD_SKIP) + continue; + if (ret == RMOD_ABRT) + { + fprintf(stderr, "oops: callmdl returned RMOD_ABRT\n"); + return(-1); + } +#endif + + opt->bsent_count += + send_ipv4 (opt->sox, opt->packet + ETH_SIZE, opt->pkg_len); + opt->iptotscan_count++; + opt->ipscan_count++; /* linear ipscan-offset */ + + if (opt->ipscan_count % opt->limit == 0) /* every second */ + { + if ((c = tty_getchar ()) != -1) + print_scanstat (stderr); + if (opt->flags & OPT_ABRT) + return (-1); /* sig_abort_handler called */ + } + + /* do floodprotection */ + while (opt->limit > 0) + { + /* + * forgett about the initial value of tv.tv_usec... + * This is called 'optimizing algorithms'. The usec does + * not count if you scan >>10seconds... + */ + gettimeofday (&opt->tv2, NULL); + opt->sec = (opt->tv2.tv_sec - opt->scan_start.tv_sec) + - (opt->scan_start.tv_usec - opt->tv2.tv_usec) / 1000000.0; + if ((opt->iptotscan_count / opt->sec) >= opt->limit) + usleep (10); /* should give up timeslice */ + else + break; + } +#ifdef HAVE_DLSYM + } /* modcount-loop */ +#endif + } + return (0); +} + +void * +p_doit(void *arg) +{ + printf("first thread here\n"); + sleep(100); + return NULL; +} + + +int +main (int argc, char *argv[]) +{ + struct sockaddr_in saddr; + struct timeval tv; + int size; + int pstatus; /* pthread error status */ +#ifdef IP_HDRINCL + const int on = 1; +#endif + + init_vars (&argv[argc]); /* before do_opt */ + + do_opt (argc, argv); + tty_init (); + + if (opt->flags & OPT_SETARP) + if (setarp (opt->nt.src, opt->spf_smac) != 0) + { + fprintf (stderr, "unable to set arpentry. do it manually\n"); + exit (1); + } + + init_network_raw (); + prepare_libnet (&opt->lnet); /* used by arpg.c and maybe by bscan.c */ + + memset (&saddr, 0, sizeof (saddr)); + + if ((opt->sox = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) + { + fprintf (stderr, "error creating socket\n"); + exit (1); + } +#ifdef IP_HDRINCL + if (setsockopt (opt->sox, IPPROTO_IP, IP_HDRINCL, &on, sizeof (on)) < 0) + { + fprintf (stderr, "error setsockopt\n"); + exit (1); + } +#endif + + size = 160 * 1024; /* OK if setsockopt fails */ + setsockopt (opt->sox, SOL_SOCKET, SO_SNDBUF, &size, sizeof (size)); + + opt->flags |= OPT_W8SEMA; + opt->bscantid = pthread_self(); + pstatus = pthread_create(&opt->snarftid, NULL, &do_snarf, opt->lnet.device); + if (pstatus != 0) + err_abort(pstatus, "pthread_create"); + + while (opt->flags & OPT_W8SEMA) + usleep(50); + + print_opt (); + + if (opt->scan_start.tv_sec == 0) + gettimeofday (&opt->scan_start, NULL); + + while ((*opt->argvlist != NULL) || (opt->flags & OPT_HOSTFILE)) + { + if (!(opt->flags & OPT_REST)) + reset_vars (); /* reset all counting variables */ + + if (!(opt->flags & OPT_HOSTFILE)) + { + make_iprange (&opt->network, &opt->netmask, &opt->start_ip, + &opt->end_ip, *opt->argvlist++); + } + else + { + opt->getnextip = (void *) readnextip; + if (opt->flags & OPT_REST) + { + int c = 0; + + fprintf (stderr, "restore: skipping %lu in '%s'\n", + opt->ipscan_count, opt->hostfile); + while (c++ < opt->ipscan_count) + if ((*opt->getnextip) () == -1) + break; + } + } + + opt->flags &= ~OPT_REST; /* 2nd.. init not by restorefile */ + + if ((opt->getnextip == NULL) || (opt->nt.src == 0) + || (opt->nt.src == -1)) + usage (0, "no ip/range given or nonparseable range, skip"); + if (opt->flags & OPT_OUTONLY) + { + do_outonly (); + continue; + } + + if (process_iprange () == -1) + { + print_scanstat (stderr); + break; /* abort scan ! */ + } + + if (opt->flags & OPT_HOSTFILE) + break; /* process only ONE hostfile */ + + if (*opt->argvlist != NULL) + print_scanstat (stderr); + } + + gettimeofday (&tv, NULL); + time_diff (&opt->scan_start, &tv); + opt->sec = tv.tv_sec + tv.tv_usec / 1000000.0; + fprintf (stderr, "scanned %lu ip's in %.3f seconds\n", opt->iptotscan_count, + opt->sec); + if (opt->delay > 0) + { + fprintf (stderr, "waiting %d sec for outstanding packets...\n", + opt->delay); + signal (SIGINT, die); /* if waiting exit immediatly on INTR */ + sleep (opt->delay); + } + + die (0); + return (0); +} diff --git a/other/b-scan/tmp/src/cf_prse.l b/other/b-scan/tmp/src/cf_prse.l new file mode 100644 index 0000000..592bf7a --- /dev/null +++ b/other/b-scan/tmp/src/cf_prse.l @@ -0,0 +1,172 @@ +VOID_LINE "b-scan:" +LOCAL_IP "SourceAddress" +STATIC_MAC "StaticSpoofedMacAddress" +SPOOF_MAC "MacAddress" +INTERFACE "Interface" +SPREADMODE "SpreadScan" +PACKETS_PS "PacketsPerSecond" +PATIENCY "MaxWaitDelay" +VERBOSE "Verbose" +LOAD_MOD "addModule" + +%{ +/* + * options with a "bool" are allowed to take "yes", "1" and "true" + * and the negated counterparts (case insensitive) as argument. + * all others take their argument as supplyed on the command line. + * + * + * VOID_LINE lines beginning with this string will be passed directly to stderr + * LOCAL_IP -s option + * STATIC_MAC -m bool + * SPOOF_MAC -M + * INTERFACE -i + * SPREADMODE -X bool + * PACKETS_PS -l + * PATIENCY -d + * VERBOSE -v bool + * MODULE -L + */ +%} + + +%{ +#include +#include +#include +#include +#include +#include +#include + + +/* defines from bscan.h. why not include? because it sucks! using libnet-config for pff! */ +#define OPT_VERB 0x1 +#define OPT_SETARP 0x4 +#define OPT_SPREADSCAN 0x8 + + +char * +getArg (char *s) +{ + int x = strlen (s); + + while (s[x] != ' ' && s[x] != '\t') + --x; + return (s + x + 1); +} + + +int +evaluateBoolArg (char *s) +{ + s = getArg (s); + + if (!strcasecmp (s, "yes") || !strcasecmp (s, "true") || !strcasecmp (s, "1")) + return (1); + else if (!strcasecmp (s, "no") || !strcasecmp (s, "false") || !strcasecmp (s, "0")) + return (0); + else + return (-1); +} + + +void +set_s_opt (char *s) +{ + s = getArg (s); + FileOpt.srcAddr = inet_addr (s); +} + + +void +set_m_opt (char *s) +{ + s = getArg (s); + if (evaluateBoolArg (s)) + FileOpt.flags |= OPT_SETARP; +} + + +void set_M_opt (char *s) +{ + s = getArg (s); + sscanf (s, "%hx:%hx:%hx:%hx:%hx:%hx", &FileOpt.mac[0], &FileOpt.mac[1], + &FileOpt.mac[2], &FileOpt.mac[3], &FileOpt.mac[4], &FileOpt.mac[5]); +} + + +void set_i_opt (char *s) +{ + s = getArg (s); + FileOpt.device = (char *) malloc (strlen (s) + 1); + memset (FileOpt.device, 0, strlen (s) + 1); + memcpy (FileOpt.device, s, strlen (s)); +} + +void set_X_opt (char *s) +{ + s = getArg (s); + if (evaluateBoolArg (s)) + FileOpt.flags |= OPT_SPREADSCAN; +} + + +void set_l_opt (char *s) +{ + s = getArg (s); + FileOpt.limit = atoi (s); +} + + +void set_d_opt (char *s) +{ + s = getArg (s); + FileOpt.delay = atoi (s); +} + + +void set_v_opt (char *s) +{ + s = getArg (s); + if (evaluateBoolArg (s)) + FileOpt.flags |= OPT_VERB; +} + +void set_L_opt (char *s) +{ + s = s + strlen ("addModule") + 1; + while (*s == ' ' || *s == '\t') + s++; + loadinit_mod (s); +} + +%} +%% + +^{VOID_LINE}[\t !-?a-zA-Z0-9]* fprintf (stderr, "%s\n", yytext); +^{LOCAL_IP}[\t .0-9]* set_s_opt (yytext); +^{STATIC_MAC}[\t a-zA-Z0-9]* set_m_opt (yytext); +^{SPOOF_MAC}[\t :a-fA-F0-9]* set_M_opt (yytext); +^{INTERFACE}[\t a-zA-Z0-9]* set_i_opt (yytext); +^{SPREADMODE}[\t a-zA-Z0-9]* set_X_opt (yytext); +^{PACKETS_PS}[\t a-zA-Z0-9]* set_l_opt (yytext); +^{PATIENCY}[\t a-zA-Z0-9]* set_d_opt (yytext); +^{VERBOSE}[\t a-zA-Z0-9]* set_v_opt (yytext); +^{LOAD_MOD}[\t !-?\-_.:,;a-zA-Z0-9]* set_L_opt (yytext); + +[\n\t a-zA-Z0-9] +. + +%% + +int yywrap () { return (1);} + +int +readConfFile (char *s) +{ + if ((yyin = fopen (s, "r")) == NULL) + return 0; + yylex (); + return 1; +} diff --git a/other/b-scan/tmp/src/dcd_icmp.c b/other/b-scan/tmp/src/dcd_icmp.c new file mode 100644 index 0000000..c627a56 --- /dev/null +++ b/other/b-scan/tmp/src/dcd_icmp.c @@ -0,0 +1,166 @@ +/* bscan - icmp decoder + * + * based on information from + * RFC792 - INTERNET CONTROL MESSAGE PROTOCOL + * RFC950 - Internet Standard Subnetting Procedure + * ??? "ICMP Usage in Scanning" (ICMP_Scanning_v2.5.pdf) + */ + +#include +#include + +static char * icmp_echo_reply[] = { + "ICMP ECHOREPLY", + NULL +}; + +static char * icmp_unreach[] = { + "ICMP UNREACH network unreachable", + "ICMP UNREACH host unreachable", + "ICMP UNREACH protocol unreachable", + "ICMP UNREACH port unreachable", + "ICMP UNREACH fragmentation needed but don't-fragment bit set", + "ICMP UNREACH source route failed", + "ICMP UNREACH destination network unknown", + "ICMP UNREACH destination host unknown", + "ICMP UNREACH source host isolated", + "ICMP UNREACH destination network administratively prohibited", + "ICMP UNREACH destination host administratively prohibited", + "ICMP UNREACH network unreachable for TOS", + "ICMP UNREACH host unreachable for TOS", + "ICMP UNREACH communication administratively prohibited by filtering", + "ICMP UNREACH host precedence violation", + "ICMP UNREACH precedence cutoff in effect", + NULL +}; + +static char * icmp_quench[] = { + "ICMP QUENCH", + NULL +}; + +static char * icmp_redirect[] = { + "ICMP REDIRECT Redirect datagrams for the Network", + "ICMP REDIRECT Redirect datagrams for the Host", + "ICMP REDIRECT Redirect datagrams for the Type of Service and Network", + "ICMP REDIRECT Redirect datagrams for the Type of Service and Host", + NULL +}; + +static char * icmp_alternate[] = { + "ICMP ALTERNATEHOSTADDRESS", + NULL +}; + +static char * icmp_echo[] = { + "ICMP ECHO", + NULL +}; + +static char * icmp_routerad[] = { + "ICMP ROUTERADVERTISEMENT", + NULL +}; + +static char * icmp_routersel[] = { + "ICMP ROUTERSELECTION", + NULL +}; + +static char * icmp_timeexceed[] = { + "ICMP TIMEEXCEED time to live exceeded in transit", + "ICMP TIMEEXCEED fragment reassembly time exceeded", + NULL +}; + +static char * icmp_parprob[] = { + "ICMP PARAMETER pointer indicates the error", + "ICMP PARAMETER missing a required option", + "ICMP PARAMETER bad length", + NULL +}; + +static char * icmp_timestamp[] = { + "ICMP TIMESTAMP", + NULL +}; + +static char * icmp_timestamp_reply[] = { + "ICMP TIMESTAMPREPLY", + NULL +}; + +static char * icmp_information[] = { + "ICMP INFORMATION", + NULL +}; + +static char * icmp_information_reply[] = { + "ICMP INFORMATIONREPLY", + NULL +}; + +static char * icmp_addressmask[] = { + "ICMP ADDRESSMASK", + NULL +}; + +static char * icmp_addressmask_reply[] = { + "ICMP ADDRESSMASKREPLY", + NULL +}; + +static char * icmp_ERR[] = { + "ICMP invalid code", + NULL +}; + +struct icmp_typeelem { + int count; + char ** tab; +}; + +struct icmp_typeelem icmp_tab[] = { + { 1, icmp_echo_reply }, /* 0 Echo Reply */ + { 0, icmp_ERR }, /* 1 UNUSED */ + { 0, icmp_ERR }, /* 2 UNUSED */ + { 16, icmp_unreach }, /* 3 Destination Unreachable */ + { 1, icmp_quench }, /* 4 Source Quench */ + { 4, icmp_redirect }, /* 5 Redirect */ + { 1, icmp_alternate }, /* 6 Alternate Host Address */ + { 0, icmp_ERR }, /* 7 UNUSED */ + { 1, icmp_echo }, /* 8 Echo */ + { 1, icmp_routerad }, /* 9 Router Advertisement */ + { 1, icmp_routersel }, /* 10 Router Selection */ + { 2, icmp_timeexceed }, /* 11 Time Exceeded */ + { 3, icmp_parprob }, /* 12 Parameter Problem */ + { 1, icmp_timestamp }, /* 13 Timestamp */ + { 1, icmp_timestamp_reply }, /* 14 Timestamp Reply */ + { 1, icmp_information }, /* 15 Information Request */ + { 1, icmp_information_reply }, /* 16 Information Request */ + { 1, icmp_addressmask }, /* 17 RFC950: Address Mask Request */ + { 1, icmp_addressmask_reply }, /* 18 RFC950: Address Mask Reply */ + { 0, NULL }, /* EOList */ +}; + +int icmp_type_max = (sizeof (icmp_tab) / sizeof (struct icmp_typeelem)) - 1; + +const char * +icmp_str (int type, int code) +{ + struct icmp_typeelem * it; + + if (type < 0 || type >= icmp_type_max) + return ("ICMP invalid type"); + + it = &icmp_tab[type]; + if (it->count == 0) + return (it->tab[0]); + + if (code < 0 || code >= it->count) + return ("ICMP invalid code"); + + return (it->tab[code]); +} + + diff --git a/other/b-scan/tmp/src/garage.c b/other/b-scan/tmp/src/garage.c new file mode 100644 index 0000000..4beba2d --- /dev/null +++ b/other/b-scan/tmp/src/garage.c @@ -0,0 +1,508 @@ +/* bscan - garage.c - per IP storage functions + * + * by scut / teso + * by skyper / teso + * + * this module implements a per-IP storage method to allow other modules + * to store state information about hosts (ie for TCP fingerprinting or + * stateful protocols). + * + * 2000/12/31 version 1.0.1 - scut + * - added CIDR helper functions + * - added mg_cidr_getmask function to convert CIDR/netmask + * notation + * - added mg_cidr_maskcount to count max possible hosts in a mask + * - added mg_cidr_count function to count hosts in garage that + * match a mask + * - added ip based counter to the garage structure, this costs + * only few cycles when working with elements, but repays for + * the mg_count and some of the mg_cidr_* functions + * - changed mg_count to take advantage of the garage counter + * - added mg_cidr_match function + * - workaround for some size-dependant misoptimizations of gcc + * + * 2000/12/31 version 1.0.0 - scut + * - support for storage, retrieval and max-keep counter + * with automatic deallocation + */ + +#include +#include +#include +#include +#include + + +/* memory layout: + * + * each per-ip data is stored in a linked list element. the linked list + * can (theoretically) contain up to 2^16 elements, if the entire IP space + * is scanned at once. + * + * up to 2^16 of this linked lists can exist, hence 2^16*2^16 = 2^32 = whole + * IPv4 space. to access the correct linked list we calculate a hash value, + * to directly read from a one dimensional table of linked list root pointers. + * + * unsigned long int ip; + * + * h = ((ip >> 16) + ip) 0xffff) + * + * the linked list indexed by this two hash values is sorted in ascending + * order by the IP as unsigned long int. + */ + +#define MG_H(ip) ((((ip) >> 16) + (ip)) & 0xffff) + + +#ifdef DEBUG +unsigned long long int tackall = 0; +unsigned long long int tackc = 0; +#endif + +#if 0 +/* unused code + */ +static unsigned long int +mg_count_slot (ip_list *list); +#endif + + +/* XXX/FIXME/TODO: shouldn't be here + */ +void * +xcalloc (unsigned int factor, unsigned int size) +{ + void * foo = calloc (factor, size); + + if (foo == NULL) { + perror ("xcalloc"); + + exit (EXIT_FAILURE); + } + + return (foo); +} + + +/* destroy the ip_list element given in `slot' + */ +static void +mg_destroy_slot (garage_hdlr *g, ip_list *slot, void (* cleaner)(ip_list *)); + + +garage_hdlr * +mg_init (char *name, unsigned long int max_hosts_in_list, + void (* cleaner)(ip_list *)) +{ + garage_hdlr * new = xcalloc (1, sizeof (garage_hdlr)); + + new->name = name; + new->garage = xcalloc (256 * 256, sizeof (ip_list *)); + new->cleaner = cleaner; + new->ip_count = 0; + + if (max_hosts_in_list == 0) { + new->timeout_tbl = NULL; + new->timeout_max = 0; + new->timeout_idx = 0; + } else { + new->timeout_tbl = xcalloc (max_hosts_in_list, + sizeof (unsigned long int)); + new->timeout_max = max_hosts_in_list; + new->timeout_idx = 0; + } + + memset (new->garage, '\x00', 256 * 256 * sizeof (ip_list *)); + if (new->timeout_tbl != NULL) + memset (new->timeout_tbl, '\x00', max_hosts_in_list * + sizeof (unsigned long int)); + + return (new); +} + + +void +mg_destroy (garage_hdlr *g, int do_handler) +{ + int h; + + +#ifdef DEBUG + printf ("tackcount = %Lu\n", tackc); + printf ("tackall = %Lu\n", tackall); + printf ("tackmedian = %2.3f\n", (float) ((float) tackall / (float) tackc)); +#endif + + for (h = 0 ; h < (256 * 256) ; ++h) { + if (g->garage[h] != NULL) { + /* the IP list structure for the IP will be free'd + * by mg_clean, too, so we don't have to do that + * manually + */ + mg_destroy_slot (g, g->garage[h], (do_handler == 0) ? + NULL : g->cleaner); + g->garage[h] = NULL; + } + } + + free (g->garage); + if (g->timeout_tbl == NULL) + free (g->timeout_tbl); + + /* g->name is not to be free'd */ + + free (g); +} + + +static void +mg_destroy_slot (garage_hdlr *g, ip_list *slot, void (* cleaner)(ip_list *)) +{ + ip_list * next; + + do { + next = slot->next; + mg_clean (g, slot->ip, cleaner); + slot = next; + } while (slot != NULL); + + return; +} + + +void +mg_write (garage_hdlr *g, unsigned long int ip, void *data, size_t data_len, + int data_free) +{ + ip_list * il; + ip_elem * new = xcalloc (1, sizeof (ip_elem)); + + + new->next = NULL; + new->data_free = data_free; + new->data_len = data_len; + new->data = data; + + + il = g->garage[MG_H (ip)]; + if (il == NULL) { + il = xcalloc (1, sizeof (ip_list)); + il->next = NULL; + il->ip = ip; + il->data = new; + + g->garage[MG_H (ip)] = il; + g->ip_count += 1; + } else { + ip_list ** cw = &g->garage[MG_H (ip)]; + + while (il != NULL && ip > il->ip) { + cw = &il->next; + il = il->next; + } + + if (il != NULL && ip == il->ip) { + new->next = il->data; + il->data = new; + } else { + ip_list * il_tmp = xcalloc (1, sizeof (ip_list)); + + il_tmp->next = il; + *cw = il_tmp; + il = il_tmp; + + il->ip = ip; + il->data = new; + + g->ip_count += 1; + } + } + + if (g->timeout_tbl != NULL) { +#ifdef DEBUG + printf ("tbl = 0x%08lx tbl_idx = %5lu tbl_max = %5lu tbl_count = %8lu\n", + (unsigned long int) g->timeout_tbl, + (unsigned long int) g->timeout_idx, + (unsigned long int) g->timeout_max, + (unsigned long int) mg_count (g)); + printf ("g->timeout_tbl[g->timeout_idx] = %lu\n", g->timeout_tbl[g->timeout_idx]); + printf ("condition = %s\n", (g->timeout_tbl[g->timeout_idx] != 0) ? "true" : "false"); +#endif + + if (g->timeout_tbl[g->timeout_idx] != 0) + mg_clean (g, g->timeout_tbl[g->timeout_idx], NULL); + + g->timeout_tbl[g->timeout_idx] = il->ip; +#ifdef DEBUG + printf ("g->timeout_idx = %5ld g->timeout_max = %5ld\n\n", + g->timeout_idx, g->timeout_max); +#endif + g->timeout_idx = (g->timeout_idx + 1) % g->timeout_max; + } +} + + +ip_elem * +mg_read (garage_hdlr *g, unsigned long int ip) +{ +#ifdef DEBUG + int tackcount = 0; +#endif + ip_list * il = g->garage[MG_H (ip)]; + + /* no list for this hash value -> no IP stored + */ + if (il == NULL) + return (NULL); + + /* walk the list + */ + do { + if (il->ip == ip) +#ifdef DEBUG + { + printf ("tackcount = %d\n", tackcount); + tackall += tackcount; + tackc += 1; +#endif + return (il->data); +#ifdef DEBUG + } else { + tackcount += 1; + } +#endif + + il = il->next; + + } while (il != NULL && il->ip <= ip); + + return (NULL); +} + + +void +mg_clean (garage_hdlr *g, unsigned long int ip, void (* cleaner)(ip_list *)) +{ + ip_elem * iel; + ip_elem * iel_tmp; + + ip_list ** cw = &g->garage[MG_H (ip)]; + ip_list * il; + + + il = *cw; + + /* walk the list + */ + while (il != NULL && il->ip < ip) { + cw = &il->next; + il = il->next; + } + + if (il == NULL || il->ip != ip) + return; + + *cw = il->next; + + /* if a cleaner has been given, or there is a default cleaner in the + * garage, then run it + */ + if (cleaner != NULL) { + cleaner (il); + } else if (g->cleaner != NULL) { + g->cleaner (il); + } + + iel = il->data; + while (iel != NULL) { + iel_tmp = iel; + if (iel->data_free) + free (iel->data); + + iel = iel->next; + free (iel_tmp); + } + + g->ip_count -= 1; + + free (il); + + return; +} + + +void +mg_show (garage_hdlr *g) +{ + int h1, h2; + int count; + + char display[] = ".123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + + printf ("=== garage = %s === elements in garage = %lu\n", g->name, mg_count (g)); + printf ("0_________0_________0_________0_________0_________0_________0_________\n"); + + for (h1 = 0 ; h1 < 256 ; ++h1) { + count = 0; + for (h2 = 0 ; h2 < 256 ; ++h2) { + if (g->garage[h1 * 256 + h2] != NULL) + count += 1; + } + + printf ("%c", count >= (sizeof (display) - 1) ? '>' : display[count]); + if ((h1 + 1) % 70 == 0) { + printf ("\n"); + printf ("0_________0_________0_________0_________0_________0_________0_________\n"); + } + } + printf ("\n"); + +} + + +unsigned long int +mg_count (garage_hdlr *g) +{ + return (g->ip_count); +} + + +#if 0 +/* unused code + */ +static unsigned long int +mg_count_slot (ip_list *list) +{ + unsigned long int count = 0; + + do { + count += 1; + list = list->next; + } while (list != NULL); + + return (count); +} +#endif + + +int +mg_ip_isin (garage_hdlr *g, unsigned long int ip) +{ + ip_list * il = g->garage[MG_H (ip)]; + + if (il == NULL) + return (0); + + while (il != NULL && ip < il->ip) { + il = il->next; + } + + if (il != NULL && ip == il->ip) + return (1); + + return (0); +} + + + +/* CIDR routines + * + * XXX: maybe move some basic CIDR routines to an extra file for maintance + * XXX: beta code, please test + */ + +unsigned long int +mg_cidr_getmask (unsigned long int mask) +{ + /* work around to dumb gcc 'optimizations' (ie compiler bug) + */ + if (mask == 0) + return (0); + + if (mask > 32) { + return (mask); + } else { + unsigned long int nm = 0xffffffff; + + /* clear zero bits + */ + mask = 32 - mask; + nm >>= mask; + nm <<= mask; + + return (nm); + } +} + + +unsigned long int +mg_cidr_maskcount (unsigned long int mask) +{ + return ((~mg_cidr_getmask (mask)) + 1); +} + + +int +mg_cidr_match (unsigned long int ip1, unsigned long int ip2, + unsigned long int mask) +{ + mask = mg_cidr_getmask (mask); + ip1 &= mask; + ip2 &= mask; + + return (ip1 == ip2); +} + + +unsigned long int +mg_cidr_count (garage_hdlr *g, unsigned long int ip, unsigned long int mask) +{ + unsigned long int count = 0; + unsigned long int ip_start, + ip_end; + + + ip_start = ip & mg_cidr_getmask (mask); + ip_end = ip_start + mg_cidr_maskcount (mask); + + /* workaround for /0 cidr mask (if sizeof (unsigned long int) == 4) + * it will make ip_end = 0, so we have to catch this case) + */ + if (ip_end == 0) + return (mg_count (g)); + + if ((ip_end - ip_start) >= mg_count (g)) { + /* since there are less elements then the ip range contains, + * we go for a count-matching-elements-by-scanning-through- + * the-entire-array like technique + */ + unsigned long int h; + ip_list * il; + + for (h = 0 ; h < (256 * 256) ; ++h) { + if (g->garage[h] != NULL) { + il = g->garage[h]; + + do { + if (mg_cidr_match (il->ip, ip, mask)) + count += 1; + + il = il->next; + } while (il != NULL); + } + } + } else { + /* there are more elements in the garage then this range + * contains, so scam this range only + */ + do { + count += mg_ip_isin (g, ip_start); + + ip_start += 1; + } while (ip_start < ip_end); + } + + return (count); +} + + diff --git a/other/b-scan/tmp/src/module.c b/other/b-scan/tmp/src/module.c new file mode 100644 index 0000000..1748914 --- /dev/null +++ b/other/b-scan/tmp/src/module.c @@ -0,0 +1,214 @@ +#include +#include +#include +#include +#include +#include + +struct _mods mods[MAX_MODULES]; +/* modstructures not initialized */ +int modcount = -1; + +/* +#ifdef HAVE_DLSYM +#define MAKE_DLSYM(x, y) mods[modcount].##x = dlsym(handle, ##y);\ + if ((error = dlerror()) != NULL) {\ + fprintf(stderr, ##y":%s\n", error); return(1); } +#endif +*/ + +/* I think this is more correct, and also gets rid of some compile warnings. + * hope this doesn't break anything. -typo */ +#ifdef HAVE_DLSYM +#define MAKE_DLSYM(x, y) mods[modcount].x = dlsym(handle, y);\ + if ((error = dlerror()) != NULL) {\ + fprintf(stderr, y":%s\n", error); return(1); } +#endif + +/* SunOS 4.1.3 support */ +#ifndef RTLD_NOW +#define RTLD_NOW 0x00001 +#endif +/* OpenBSD support */ +#ifndef RTLD_GLOBAL +#define RTLD_GLOBAL 0x00000 +#endif + +/* we really hate theo for this shit of dl* work */ +#if defined(__OpenBSD__) +# if !(defined(__mips) || defined(__powerpc)) +# define DLSYM_AOUT 1 +# else +# define DLSYM_AOUT 0 +# endif +#endif +#if DLSYM_AOUT == 1 +# define DLSYM_UNDERSCORE "_" +#else +# define DLSYM_UNDERSCORE /**/ +#endif + + +/* + * init the module structures. NOT the modules! + */ +void +init_modules () +{ + int c = 0; + + while (c < MAX_MODULES) + { + mods[c].init = NULL; + mods[c].fini = NULL; + mods[c].musage = NULL; + mods[c].modname = NULL; + mods[c].modid = 0; + mods[c].modarg = NULL; + mods[c++].callmdl = NULL; + } + modcount = 0; +} + + +/* + * Load a module + * Return 0 on success, != 0 on error [no space left, EACCESS, ...] + */ +int +add_module (char *fname, char *modarg) +{ +#ifdef HAVE_DLSYM + void *handle; + char *error; + + if (modcount == -1) + init_modules (); + + if (modcount >= MAX_MODULES) + return (2); /* array to small! */ + + handle = dlopen (fname, RTLD_NOW | RTLD_GLOBAL); + + if ((error = dlerror ()) != NULL) + { + fprintf (stderr, "%s\n", error); + return (1); + } + + MAKE_DLSYM (init, DLSYM_UNDERSCORE"init"); + MAKE_DLSYM (fini, DLSYM_UNDERSCORE"fini"); + MAKE_DLSYM (musage, DLSYM_UNDERSCORE"musage"); + MAKE_DLSYM (callmdl, DLSYM_UNDERSCORE"callmdl"); + + mods[modcount].modid = modcount; + mods[modcount].modarg = modarg; /* not encoded arg */ + + modcount++; + +#endif + return 0; +} + +/* + * split a 'space seperated string' into many arguements + * decode esc-sequences + */ +void +split_margs (const char *moptarg, char ***margvp, int *margcp) +{ + char *ptr, *opt; + int off; + char ch, ch2; + + if (margcp == NULL) + return; + + if (margvp == NULL) + return; + + if (moptarg == NULL) + return; + + moptarg = strdup(moptarg); + + /* + * convert " modname -a arg1 -b arg2" to + * "modname -a arg1 -b arg2" + */ + opt = (char *) calloc (1, strlen (moptarg) + 1); + off = 0; + ch2 = ' '; + ptr = (char *) moptarg; + while ((ch = *ptr++) != '\0') + { + if ((ch == ' ') && (ch2 == ' ')) + continue; + opt[off++] = ch; + ch2 = ch; + } + if (ch2 == ' ') + opt[off - 1] = '\0'; + + /* + * split argument-string into char *argv[] array + */ + *margcp = 0; + while ((ptr = strchr (opt, ' ')) != NULL) + { + *ptr++ = '\0'; + + (*margvp) = realloc (*margvp, ((*margcp) + 1) * sizeof (char *)); + + ctoreal(opt, opt); /* decode esc-sequences */ + *(*margvp + *margcp) = opt; + (*margcp)++; + opt = ptr; + } + (*margvp) = realloc (*margvp, ((*margcp) + 2) * sizeof (char *)); + ctoreal(opt, opt); + *(*margvp + (*margcp)++) = opt; + *(*margvp + (*margcp)) = NULL; /* terminate the array */ + +} + +/* + * load and init the module. + * this function can exit + * return 0 on success + */ +int +loadinit_mod(char *optar) +{ + char **margv = NULL; + int margc = 0; + extern int optind; + extern struct _opt *opt; + + split_margs (optar, &margv, &margc); + if (add_module (margv[0], optar) == 0) + { + int oldoptind = optind; + int m = modcount - 1; + optind = 1; + + if (mods[m].init ((char **) &mods[m].modname, margc, margv, opt) != 0) + { + fprintf (stderr, "- [%d]: '%s' init FAILED\n", + mods[m].modid, margv[0]); + mods[m].musage (); + exit (-1); + } else + fprintf (stderr, "+ [%d]: '%s' initialized\n", + mods[m].modid, mods[m].modname); + optind = oldoptind; /* restore old optind value */ + } else + { + fprintf (stderr, "+ [-]; '%s' failed\n", optar); + exit (-1); + } + + return(0); +} + + diff --git a/other/b-scan/tmp/src/network_raw.c b/other/b-scan/tmp/src/network_raw.c new file mode 100644 index 0000000..1b87eaa --- /dev/null +++ b/other/b-scan/tmp/src/network_raw.c @@ -0,0 +1,497 @@ +/* + * raw network routines + * libnet based (not yet ..but maybe in the future :> + */ + +#include +#include +#include +#include +#include +#include +#ifndef __FAVOR_BSD +#define __FAVOR_BSD +#endif +#ifndef __USE_BSD +#define __USE_BSD +#endif +#ifndef __BSD_SOURCE +#define __BSD_SOURCE +#endif +#include +#include + +static int netraw_lrand = 0; +#define LAME_RANDOM (netraw_lrand = (netraw_lrand + (netraw_lrand>>1))) + +/* + * init all the network_raw stuff + * return 0 on success, -1 on error + */ +int +init_network_raw () +{ + /* seeded by init_vars/bscan.c */ + netraw_lrand = 1 + (int) (65335.0 * rand () / (RAND_MAX + 1.0)); + return (0); +} + +/* + * calc. checksum WITH carry flag. + * call cksum = CKSUM_CARRY(sum); + * we calculate only the initial checksum here. + * we can use the result for all further packets + */ +int +in_cksum (unsigned short *addr, int len) +{ + int nleft = len; + int sum = 0; + u_short *w = addr; + u_short answer = 0; + + while (nleft > 1) + { + sum += *w++; + nleft -= 2; + } + + if (nleft == 1) /* padding */ + { + *(u_char *) (&answer) = *(u_char *) w; + sum += answer; + } + + return (sum); +} + + +/* + * add ICMP_ECHO or ICMP_TSTAMP + * len = len of payload + * add ICMP-header to pkt + */ +void +add_icmpping (unsigned char *pkt, int len, int which) +{ + struct icmp *icmp = (struct icmp *) pkt; + int sum; + struct timeval tv; + memset (icmp, 0, sizeof (*icmp)); /* sizeof(*icmp) = 28 */ + + if (which == ICMP_ECHO) + { + icmp->icmp_type = ICMP_ECHO; + } + else if (which == ICMP_TSTAMP) + { + if (len < 13) + printf ("packet too small for timestamp request, lets blast the packets out anyway\n"); + icmp->icmp_type = ICMP_TSTAMP; + } + else + printf ("Your kung-fu is bad!\n"); + + icmp->icmp_hun.ih_idseq.icd_id = LAME_RANDOM; + gettimeofday (&tv, NULL); + memcpy (icmp->icmp_dun.id_data, &tv, sizeof (tv)); + + sum = in_cksum ((u_short *) icmp, ICMP_SIZE + len); + icmp->icmp_cksum = CKSUM_CARRY (sum); +} + + +/* + * add udp-header [no checksum] + * len = len of payload + */ +void +add_udphdr(unsigned char *pkt, struct net_tuple *nt, int len) +{ + struct udphdr udp; + + memset(&udp, 0, sizeof(udp)); + udp.uh_sport = nt->sport; + udp.uh_dport = nt->dport; + udp.uh_ulen = htons(len + UDP_SIZE); + udp.uh_sum = 0; /* no checksum !*/ + memcpy(pkt, &udp, sizeof(udp)); +} + + +/* + * len = len of payload + */ +void +add_tcphdr (unsigned char *pkt, struct net_tuple *nt, uint8_t flags, int len, + tcp_seq * seq, tcp_seq * ack) +{ + struct tcphdr tcp; + struct tcphdr *tcpptr; + struct _fakehead fakehead; + int sum; + + memset (&tcp, 0, sizeof (tcp)); + memset (&fakehead, 0, sizeof (fakehead)); + tcp.th_dport = nt->dport; + tcp.th_sport = nt->sport; + fakehead.saddr = nt->src; + fakehead.daddr = nt->dst; + fakehead.zero = 0; + fakehead.protocol = IPPROTO_TCP; + fakehead.tot_len = htons (TCP_SIZE + len); + sum = in_cksum ((u_short *) & fakehead, sizeof (fakehead)); + tcp.th_off = TCP_SIZE >> 2; + if (seq != NULL) + tcp.th_seq = *seq; + else + tcp.th_seq = LAME_RANDOM; + if (ack != NULL) + tcp.th_ack = *ack; + tcp.th_flags |= flags; /* ADD the flags */ + tcp.th_win = htons (0x3fff); + memcpy (pkt, &tcp, sizeof (tcp)); + sum += in_cksum ((u_short *) pkt, sizeof (tcp) + len); + tcpptr = (struct tcphdr *)pkt; + tcpptr->th_sum = CKSUM_CARRY (sum); +} + + +/* + * add's ipv4-header of 20 bytes without any options + * - IPPROTO_TCP and 40 bytes total length + */ +void +add_iphdr (unsigned char *pkt, uint8_t ip_p, struct net_tuple *nt, int len) +{ + struct ip ip; + memset (&ip, 0, IP_SIZE); + ip.ip_hl = sizeof (ip) >> 2; + ip.ip_v = 4; + /*ip->tos = 0; */ + ip.ip_len = htons (len + IP_SIZE); /* htons ? */ + /*ip->id = 0; done by kernel */ + /*ip->frag_off = 0; */ + ip.ip_ttl = 0xff; + ip.ip_p = ip_p; + /*.ip->check = 0; done by kernel */ + ip.ip_src.s_addr = nt->src; + ip.ip_dst.s_addr = nt->dst; + memcpy (pkt, &ip, sizeof (ip)); +} + +/* + * send out ipv4-packet + * with data 'pkt' of length 'len' + * returns the number of characters sent, or -1 if an error occured + */ +int +send_ipv4 (int sox, u_char * pkt, size_t len) +{ + struct sockaddr_in to; + to.sin_family = AF_INET; + memcpy (&to.sin_addr.s_addr, (pkt + 4 * 4), sizeof (u_long)); + return (sendto (sox, pkt, len, 0, (struct sockaddr *) &to, sizeof (to))); +} + + +/* + * small/lame tcp userland stack + * give 'best' tcp-answer to a tcp-packet + * return 0 on success + * payload + len are optional + */ +int +answer_tcp (int sox, struct ip *ip, struct tcphdr *tcp, uint8_t flags, + u_char * payload, uint len) +{ + static u_char *outpkt = NULL; + static int msize = 0; + struct net_tuple nt; + tcp_seq outack; + + if (TCP_SIZE + IP_SIZE + len > msize) + { + outpkt = realloc (outpkt, TCP_SIZE + IP_SIZE + len); + msize = TCP_SIZE + IP_SIZE + len; + } + + if (outpkt == NULL) + return (-1); + if (ip == NULL) + return (-1); + if (tcp == NULL) + return (-1); + + memset (outpkt, 0, TCP_SIZE + IP_SIZE + len); + + nt.sport = tcp->th_dport; + nt.dport = tcp->th_sport; + nt.src = ip->ip_dst.s_addr; + nt.dst = ip->ip_src.s_addr; + + if (payload != NULL) + memcpy (outpkt + TCP_SIZE + IP_SIZE, payload, len); + + outack = ntohl (tcp->th_seq) + ntohs (ip->ip_len) - (tcp->th_off << 2) - + (ip->ip_hl << 2); + if (tcp->th_flags & (TH_SYN | TH_FIN)) + outack++; + + outack = htonl (outack); + add_tcphdr (outpkt + IP_SIZE, &nt, flags, len, &tcp->th_ack, &outack); + + add_iphdr (outpkt, IPPROTO_TCP, &nt, TCP_SIZE + len); + + send_ipv4 (sox, outpkt, IP_SIZE + TCP_SIZE + len); + + return (0); +} + + +/* + * return 0 if ip-header is valid [length only] + * len = length from the begin of the ip-header [20 for normal ip header] + */ +int +vrfy_ip (struct ip *ip, uint32_t len, u_short * ip_options) +{ + u_short _ip_options; + + if (len < sizeof (*ip)) + return (-1); + + _ip_options = ip->ip_hl << 2; + if (_ip_options > len) + return (-1); + + if (_ip_options > 0xefff) + return -1; + + if (_ip_options < sizeof (*ip)) + _ip_options = 0; + else + _ip_options -= sizeof (*ip); + + *ip_options = _ip_options; + return (0); +} + + +/* + * len = len of tcp-header + tcp_options + tcp_data (from wire). + * returns 0 if tcp-header is valid [length check only] + * returns options + * != 0 if something went wrong [header size etc] + */ +int +vrfy_tcp (struct tcphdr *tcp, uint32_t plen, u_short * tcp_options) +{ + u_short _tcp_options; + + if (plen < sizeof (*tcp)) + return (-1); + + _tcp_options = tcp->th_off << 2; + if (_tcp_options > plen) + return (-1); + if (_tcp_options > 0xefff) /* this is quite to large for me */ + return -1; + + if (_tcp_options <= sizeof (*tcp)) + _tcp_options = 0; + else + _tcp_options -= sizeof (*tcp); + + *tcp_options = _tcp_options; + + return (0); +} + +int +vrfy_udp (struct udphdr *udp, uint32_t len) +{ + + if (len < sizeof(*udp)) + return (-1); + + return (0); +} + +/* + * decode NetworkVirtualTerminal Data + * data = the raw (nvt)-input + * len = length of 'data' + * ans = the nvt-answer (IAC don't) + * anslen = the calculated anser length + * res = the decoded nvt data (login: prompt etc) + * reslen = the calculates decoded data length + * All parameters must be given (NULL is not allowed) + * and initialized + * return -1 on failure + * return 0 on success + * rfc-will: anslen, reslen < len + */ +#define IACFOUND 0x01 +#define DOFOUND 0x02 +#define UNKNOWNOPT 0x04 +#define SUBNEGO 0x08 +#define CRFOUND 0x10 + +#define NVT_SE 0xf0 +#define NVT_SB 0xfa +#define NVT_WILL 0xfb +#define NVT_WONT 0xfc +#define NVT_DO 0xfd +#define NVT_DONT 0xfe +#define IAC 0xff + +int +decode_nvt(u_char *data, uint len, u_char *ans, uint *anslen, + u_char *res, uint *reslen) +{ + u_char *ptr = data; + u_char *ansptr = ans; + u_char *resptr = res; + u_char flags = 0; + int i = 0; + u_char c; + + if ( (data == NULL) || (ans == NULL) || (res == NULL)) + return(0); + + *anslen = 0; + *reslen = 0; + + while (1) + { + if (i++ >= len) + break; + c = *ptr++; + + if (flags & UNKNOWNOPT) + { + flags = 0; + continue; + } + + if (flags & IACFOUND) + { + if (c == IAC) /* IAC IAC */ + { + *resptr++ = IAC; + flags = 0; /* reset */ + continue; + } + + if (flags & SUBNEGO) + { + if (c == NVT_SE) /* subnegotiation end */ + flags = 0; + continue; + } + + if (flags & DOFOUND) + { +/* 3com switch test if (c == 0x03) + { + *ansptr++ = IAC; + *ansptr++ = NVT_DO; + *ansptr++ = 0x03; + *ansptr++ = IAC; + *ansptr++ = NVT_WILL; + *ansptr++ = 0x18; + *ansptr++ = IAC; + *ansptr++ = NVT_WILL; + *ansptr++ = 0x1f; + *ansptr++ = IAC; + *ansptr++ = NVT_WILL; + *ansptr++ = 0x20; + *ansptr++ = IAC; + *ansptr++ = NVT_WILL; + *ansptr++ = 0x21; + *ansptr++ = IAC; + *ansptr++ = NVT_WILL; + *ansptr++ = 0x22; + *ansptr++ = IAC; + *ansptr++ = NVT_WILL; + *ansptr++ = 0x27; + *ansptr++ = IAC; + *ansptr++ = NVT_DO; + *ansptr++ = 0x05; + *ansptr++ = IAC; + *ansptr++ = NVT_WILL; + *ansptr++ = 0x23; + *anslen = *anslen + 24; + + } +*/ + *ansptr++ = IAC; + *ansptr++ = NVT_WONT; /* me is dump - im a kid */ + *ansptr++ = c; + *anslen = *anslen + 3; + flags = 0; + continue; + } + + if (c == NVT_SB) /* subnegotiation */ + { + flags = SUBNEGO; + continue; + } + + if (c == NVT_DO) /* DO ... */ + { + flags |= DOFOUND; + continue; + } else { + flags = ~(IACFOUND | DOFOUND); + flags |= UNKNOWNOPT; /* skip next */ + continue; + } + + } + + if (flags & SUBNEGO) + continue; + + if (c == IAC) + { + flags = IACFOUND; /* just IAC */ + continue; + } + + if (flags & CRFOUND) + { + if (c == '\0') + { + flags &= ~CRFOUND; + *res++ = '\r'; + *reslen = *reslen + 1; + continue; + } + if (c == '\n') + { + flags &= ~CRFOUND; + *res++ = '\n'; + *reslen = *reslen + 1; + continue; + } + } + + if (c == '\r') + { + flags |= CRFOUND; + continue; + } + + *res++ = c; + *reslen = *reslen + 1; + + } + + return(0); +} + + + diff --git a/other/b-scan/tmp/src/restore.c b/other/b-scan/tmp/src/restore.c new file mode 100644 index 0000000..45edbb8 --- /dev/null +++ b/other/b-scan/tmp/src/restore.c @@ -0,0 +1,263 @@ +/* + * bscan, restore.c + * this is the buggies part of the entire scanner :> + * many buffer overflows in here + */ +#include +#include +#include +#include + + +extern struct _opt *opt; + +#define RESTORE_FILE "restore.bscan" + +#define R_ARGVLIST "argvlist" +#define R_MODARG "modarg" +#define R_LIMIT "limit" +#define R_FLAGS "flags" +#define R_DELAY "delay" +#define R_PSCANSTAT "pscanstat" +#define R_IPSCAN_COUNT "ipscan_count" +#define R_IPTOTSCAN_C "iptotscan_count" +#define R_BSENT_COUNT "bsent_count" +#define R_IP_OFFSET "ip_offset" +#define R_IP_BLKLEN "ip_blklen" +#define R_IP_POS "ip_pos" +#define R_SCAN_TIME "scan_time" +#define R_SPF_SIP "spf_sip" +#define R_SPF_SMAC "spf_smac" +#define R_SNARFICMP_C "snarf.icmp_c" +#define R_SNARFCLOSE_C "snarf.close_c" +#define R_SNARFOPEN_C "snarf.open_c" +#define R_SNARFREFUSED_C "snarf.refused_c" +#define R_IDEV "lnet.device" +#define R_HOSTFILE "hostfile" + + +/* + * save everything that is required to restore/restart an inter session + */ +int +write_restore () +{ + u_char *p = (u_char *) opt->spf_smac; + FILE *fptr; + char **myargv = opt->argvlist; + struct timeval tv; +#ifdef HAVE_DLSYM + int c=0; + extern const int modcount; + extern const struct _mods mods[MAX_MODULES]; +#endif + + if (opt->flags & OPT_VERB) + fprintf (stderr, "Writing restore file '%s'\n", RESTORE_FILE); + + if ((fptr = fopen (RESTORE_FILE, "w+")) == NULL) + return (-1); + + fprintf (fptr, "# bscan restore file. This is an automatic generated\n"); + fprintf (fptr, "# file. Don't edit.\n"); + fprintf (fptr, "#\n"); + + fprintf (fptr, R_ARGVLIST ": "); + if ((opt->target != NULL) && !(opt->flags & OPT_HOSTFILE)) + fprintf (fptr, "\"%s\" ", opt->target); + while (*myargv != NULL) + fprintf (fptr, "\"%s\" ", *myargv++); + fprintf (fptr, "\n"); + +#ifdef HAVE_DLSYM + for (c = 0; c < modcount; c++) + fprintf(fptr, R_MODARG ": %s\n", mods[c].modarg); +#endif + + fprintf (fptr, R_LIMIT ": %u\n", opt->limit); + fprintf (fptr, R_DELAY ": %u\n", opt->delay); + fprintf (fptr, R_PSCANSTAT ": %u\n", opt->pscanstat); + fprintf (fptr, R_IPSCAN_COUNT ": %lu\n", opt->ipscan_count); + fprintf (fptr, R_IPTOTSCAN_C ": %lu\n", opt->iptotscan_count); + fprintf (fptr, R_BSENT_COUNT ": %lu\n", opt->bsent_count); + fprintf (fptr, R_IP_OFFSET ": %lu\n", opt->ip_offset); + fprintf (fptr, R_IP_BLKLEN ": %lu\n", opt->ip_blklen); + fprintf (fptr, R_IP_POS ": %lu\n", opt->ip_pos); + fprintf (fptr, R_FLAGS ": %4.4x\n", opt->flags); + memcpy(&tv, &opt->tv2, sizeof(tv)); + time_diff (&opt->scan_start, &tv); + fprintf (fptr, R_SCAN_TIME ": %ld\n", (long)tv.tv_sec); + fprintf (fptr, R_SPF_SIP ": %s\n", int_ntoa (opt->nt.src)); + fprintf (fptr, R_SPF_SMAC ": %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n", + p[0], p[1], p[2], p[3], p[4], p[5]); + fprintf (fptr, R_SNARFICMP_C ": %lu\n", opt->snarf.icmp_c); + fprintf (fptr, R_SNARFCLOSE_C ": %lu\n", opt->snarf.close_c); + fprintf (fptr, R_SNARFOPEN_C ": %lu\n", opt->snarf.open_c); + fprintf (fptr, R_SNARFREFUSED_C ": %lu\n", opt->snarf.refused_c); + if (opt->lnet.device != NULL) + fprintf (fptr, R_IDEV ": %s\n", opt->lnet.device); + else + fprintf (fptr, R_IDEV ": \n"); + + if (opt->hostfile != NULL) + fprintf (fptr, R_HOSTFILE ": %s\n", opt->hostfile); + else + fprintf (fptr, R_HOSTFILE ": \n"); + + fclose (fptr); + + return (0); +} + +int +restore_processtag (char *tag, char *arg) +{ + char *ptr = arg; + int c = 0; + + if ((arg == NULL) || (tag == NULL)) + return (-1); + + if (!strcmp (R_ARGVLIST, tag)) + if (strlen (arg) > 0) + { + int toggle = 0; + while (*ptr != '\0') + if (*ptr++ == '"') + c++; + ptr = arg; + c = c / 2; + if (c <= 0) + return (-1); /* this should not happen */ + if ((opt->argvlist = malloc ((c + 1) * sizeof (char *))) == NULL) + return (-1); + for (toggle = 0; toggle < c + 1; toggle++) + opt->argvlist[toggle] = NULL; + + toggle = 0; + ptr = arg; + c = 0; + while (*ptr != '\0') + if (*ptr++ == '"') + { + *(ptr - 1) = '\0'; + if (toggle++ == 1) + { + toggle = 0; + continue; + } + opt->argvlist[c++] = ptr; + } + + /* strings are ready + \0 terminated here */ + + for (toggle = 0; toggle < c; toggle++) + opt->argvlist[toggle] = strdup (opt->argvlist[toggle]); + + return (0); + } + + if (!strcmp (R_MODARG, tag)) + loadinit_mod(arg); + + if (!strcmp (R_DELAY, tag)) + opt->delay = atoi (arg); + if (!strcmp (R_LIMIT, tag)) + opt->limit = atoi (arg); + if (!strcmp (R_PSCANSTAT, tag)) + opt->pscanstat = atoi (arg); + if (!strcmp (R_IPSCAN_COUNT, tag)) + opt->ipscan_count = strtoul (arg, NULL, 10); + if (!strcmp (R_IPTOTSCAN_C, tag)) + opt->iptotscan_count = strtoul (arg, NULL, 10); + if (!strcmp (R_BSENT_COUNT, tag)) + opt->bsent_count = strtoul (arg, NULL, 10); + if (!strcmp (R_IP_OFFSET, tag)) + opt->ip_offset = strtoul (arg, NULL, 10); + if (!strcmp (R_IP_BLKLEN, tag)) + opt->ip_blklen = strtoul (arg, NULL, 10); + if (!strcmp (R_IP_POS, tag)) + opt->ip_pos = strtoul (arg, NULL, 10); + if (!strcmp (R_SCAN_TIME, tag)) + { /* doing the date trick ..we had a scannerdowntime.. */ + gettimeofday (&opt->scan_start, NULL); + opt->scan_start.tv_sec = + opt->scan_start.tv_sec - strtoul (arg, NULL, 10); + } + if (!strcmp (R_SPF_SIP, tag)) + opt->nt.src = inet_addr (arg); + if (!strcmp (R_SPF_SMAC, tag)) + { + unsigned short int sp[6]; + sscanf (arg, "%hx:%hx:%hx:%hx:%hx:%hx", &sp[0], &sp[1], &sp[2], + &sp[3], &sp[4], &sp[5]); + for (c = 0; c < 6; c++) + opt->spf_smac[c] = (u_char) sp[c]; + + } + if (!strcmp (R_FLAGS, tag)) + { + sscanf (arg, "%hx", &opt->flags); + opt->flags &= ~OPT_ABRT; + opt->flags &= ~OPT_REST; + } + if (!strcmp (R_SNARFICMP_C, tag)) + opt->snarf.icmp_c = strtoul (arg, NULL, 10); + if (!strcmp (R_SNARFCLOSE_C, tag)) + opt->snarf.close_c = strtoul (arg, NULL, 10); + if (!strcmp (R_SNARFOPEN_C, tag)) + opt->snarf.open_c = strtoul (arg, NULL, 10); + if (!strcmp (R_SNARFREFUSED_C, tag)) + opt->snarf.refused_c = strtoul (arg, NULL, 10); + if (!strcmp (R_IDEV, tag)) + if (strlen (arg) > 0) + opt->lnet.device = strdup (arg); + if (!strcmp (R_HOSTFILE, tag)) + if (strlen (arg) > 0) + opt->hostfile = strdup (arg); + + return (0); +} + + +/* + * read restore-file + * return 0 on success, -1 on failure + * sscanf is exploitable. have fun. What kind of stupid admin + * who set a +s on this programm. harhar + */ +int +read_restore (char *filename) +{ + FILE *fptr; + char buf[1024]; + char tag[1024], arg[1024]; + + if (opt->flags & OPT_VERB) + fprintf (stderr, "Reading restore file '%s'.\n", filename); + + if ((fptr = fopen (filename, "rb")) == NULL) + { + printf ("OPEN FAILED\n"); + return (-1); + } + + while (fgets (buf, sizeof (buf), fptr) != NULL) + { + if (strchr (buf, '#') != NULL) + continue; + + tag[0] = arg[0] = '\0'; + sscanf (buf, "%[^: ]%*[: \t]%[^#\n]%*[\n]", tag, arg); + + if (restore_processtag (tag, arg) == -1) + { + fprintf (stderr, "error while processing restore file with '%s:%s' \n ", tag, arg); + exit (-1); + } + + } + + fclose (fptr); + return (0); +} diff --git a/other/b-scan/tmp/src/signal.c b/other/b-scan/tmp/src/signal.c new file mode 100644 index 0000000..a2af01f --- /dev/null +++ b/other/b-scan/tmp/src/signal.c @@ -0,0 +1,72 @@ +#include +#include + +/* + * add the signals that you want to be set to default-action + */ +int +do_sig_setall (sighandler_t action) +{ +#ifdef SIGHUP + signal (SIGHUP, action); +#endif +#ifdef SIGINT + signal (SIGINT, action); +#endif +#ifdef SIGQUIT + signal (SIGQUIT, action); +#endif +#ifdef SIGABRT + signal (SIGABRT, action); +#endif +#ifdef SIGPIPE + signal (SIGPIPE, action); +#endif +#ifdef SIGALRM + signal (SIGALRM, action); +#endif +#ifdef SIGTERM + signal (SIGTERM, action); +#endif +#ifdef SIGUSR1 + signal (SIGUSR1, action); +#endif +#ifdef SIGUSR1 + signal (SIGUSR1, action); +#endif +#ifdef SIGCHLD + signal (SIGCHLD, action); +#endif +#ifdef SIGCOMT + signal (SIGCOMT, action); +#endif +#ifdef SIGSTOP + signal (SIGSTOP, action); +#endif +#ifdef SIGTSTP + signal (SIGTSTP, action); +#endif +#ifdef SIGTTIM + signal (SIGTTIM, action); +#endif +#ifdef SIGTTOU + signal (SIGTTOU, action); +#endif + + return (0); +} + +/* + * sig-ctl function. + * atm only SIG_DFL implemented.... + */ +int +sigctl (int flags, sighandler_t action) +{ + int ret = 0; + + if (flags & SIG_SETALL) + ret = do_sig_setall (action); + + return (ret); +} diff --git a/other/b-scan/tmp/src/snarf.c b/other/b-scan/tmp/src/snarf.c new file mode 100644 index 0000000..fce8b9e --- /dev/null +++ b/other/b-scan/tmp/src/snarf.c @@ -0,0 +1,211 @@ +#include + +#include +#include +#ifndef __FAVOR_BSD +#define __FAVOR_BSD +#endif +#ifndef __USE_BSD +#define __USE_BSD +#endif +#ifndef __BSD_SOURCE +#define __BSD_SOURCE +#endif + +#include +#include +#include +#include +#include + +pcap_t *ip_socket; + +/* + * some global variables (modules need access etc) + */ +int dlt_len; +u_char *align_buf = NULL; +unsigned short ip_options = 0; +struct ip *ip; +struct Ether_header *eth; +u_int pcaplen, plen; +struct timeval *pts; + +extern struct _opt *opt; +#ifdef HAVE_DLSYM +extern const int modcount; +extern const struct _mods mods[MAX_MODULES]; +#endif + + +/* + * answer on arp-request. + */ +static void +handle_arp (struct pcap_pkthdr *p, struct Ether_header *eth, + struct Arphdr *arp) +{ + u_long *ipdummy = (u_long *) arp->ar_tip; + + if (ntohs (arp->ar_op) != ARPOP_REQUEST) + return; + +#ifdef DEBUG + printf ("ARPG request for %s\n", int_ntoa ((u_long) * ipdummy)); +#endif + if (*ipdummy == opt->nt.src) + play_arpg (&opt->lnet, arp->ar_tip, (u_char *) opt->spf_smac, + (u_char *) arp->ar_sip, eth->ether_shost); +} + + +/* + * called by libpcap + */ +static void +filter_packet (u_char * u, struct pcap_pkthdr *p, u_char * packet) +{ + int c; + static u_char *align_eth = NULL; + + if (p->len < (dlt_len + sizeof (struct Arphdr))) + return; + if (align_buf == NULL) + align_buf = (u_char *) malloc (2048); + if (align_eth == NULL) + align_eth = (u_char *) malloc (42); + + memcpy ((char *) align_buf, (char *) (packet + dlt_len), p->caplen); + memcpy ((char *) align_eth, (char *) packet, 42); + eth = (struct Ether_header *) (align_eth); + ip = (struct ip *) (align_buf); + + if (ntohs (eth->ether_type) == ETHERTYPE_ARP) + { + handle_arp (p, eth, (struct Arphdr *) (align_buf)); + return; + } + + + if (ntohs (eth->ether_type) != ETHERTYPE_IP) + return; + if (vrfy_ip (ip, p->len - dlt_len, &ip_options) != 0) + return; + if (ip->ip_dst.s_addr != opt->nt.src) + return; + if (p->len < (dlt_len + sizeof (*ip) + ip_options)) + return; + + /* here only 'my-ip' packets */ + +/* module entry point TWO */ +/* packet is verifite, belongs to us + valid size */ +/* return of module tell us if we should procced as usual or not */ +/* DROP is valid here ! */ + + plen = p->len; + pcaplen = p->caplen; + pts = &p->ts; + +#ifdef HAVE_DLSYM + c = 0; + while (c < modcount) + mods[c++].callmdl (MOD_RCV, opt); +#endif + +} + +/* + * init pcap network stuff + * only called once on startup. + * -1 = error + * 0 = success + */ +int +pcap_init_net (char *iface, int promisc, char *filter, int *dltlen) +{ + char errbuf[PCAP_ERRBUF_SIZE]; + struct bpf_program prog; + bpf_u_int32 network, netmask; + + if (iface == NULL) + { + iface = pcap_lookupdev (errbuf); + if (iface == NULL) + { + fprintf (stderr, "pcap_lookupdev: %s\n", errbuf); + return (-1); + } + } + if (pcap_lookupnet (iface, &network, &netmask, errbuf) < 0) + { + fprintf (stderr, "pcap_lookupnet: %s\n", errbuf); + return (-1); + } + ip_socket = pcap_open_live (iface, 1024, promisc, 1024, errbuf); + if (ip_socket == NULL) + { + fprintf (stderr, "pcap_open_live: %s\n", errbuf); + return (-1); + } + switch (pcap_datalink (ip_socket)) + { + case DLT_EN10MB: + *dltlen = 14; + break; + case DLT_SLIP: + *dltlen = 16; + break; + default: + *dltlen = 4; + break; + } + if (pcap_compile (ip_socket, &prog, filter, 1, netmask) < 0) + { + fprintf (stderr, "pcap_compile: %s\n", errbuf); + return (-1); + } + if (pcap_setfilter (ip_socket, &prog) < 0) + { + fprintf (stderr, "pcap_setfilter: %s\n", errbuf); + return (-1); + } + + return 0; +} + + +/* + * called by main-thread. + * doing all the snarf, arp-reply, tcp-stack stuff from here + */ +void * +do_snarf (void *iface) +{ +/* sigctl (SIG_SETALL, SIG_DFL); + signal (SIGINT, SIG_IGN); +*/ + + pcap_init_net (iface, 1, PCAP_FILTER, &dlt_len); + + /* the parent thread should at least w8 until we are ready to rumble */ + opt->flags &= ~OPT_W8SEMA; + + while (1) + pcap_loop (ip_socket, -1, (pcap_handler) filter_packet, NULL); + + undo_snarf(); /*### fixme, somewhere else */ + + pthread_exit(NULL); /* no return values needed */ + return NULL; +} + +/* + * close everything that was initialized with do_snarf + */ +void +undo_snarf () +{ + pcap_close (ip_socket); +} + diff --git a/other/b-scan/tmp/src/system.c b/other/b-scan/tmp/src/system.c new file mode 100644 index 0000000..a3ccc94 --- /dev/null +++ b/other/b-scan/tmp/src/system.c @@ -0,0 +1,349 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef SHMMNI +#define SHMMNI 100 +#endif + +#define MAXSHM 4 /* its bscan. we need <4 shm's */ + +static int shm_id = -1; /* last used id */ +static int shm_c = -1; /* shm_alloc counter */ + +static struct _shm +{ + int id; + void *ptr; +} +shm[MAXSHM]; + + +/* + * uhm. hard job for the process coz the process + * does not get the shm_id. uhm. i should make a static traking list + * of all shared memory segments (addr <-> id mapping maybe ?) + * on the other hand...since an attachment count is maintained for + * the shared memory segment the segment gets removed when the last + * process using the segment terminates or detaches it. + * hmm. Seems the following function is completly useless....:> + * Hey. why are you reading my comments ? write me: anonymous@segfault.net! + */ +int +shmfree (int shm_id) +{ + if (shm_id < 0) + return (-1); + return (shmctl (shm_id, IPC_RMID, 0)); +} + +/* + * kill ALL shm's + * uhm. this is brutal. but shm is risky. you can bring + * down ANY system if you waste all shm's. Shm's dont get + * freed on process-exit !!! syslog will fail, inetd will fail, .. + * any program that tries to alloc shared memory...nono good :> + * root can use 'ipcrm shm ' do free the shm's. + * that's why we use this brutal "killall"-method. + * something else: killall-method is realy BRUTAL. believe me! + * If you have other functions registered on exit (atexit) + * and you try to reference to a shm within these function...you are lost + * Unexpected things will happen.... + */ +void +shmkillall () +{ + int c; + + for (c = 0; c < shm_c; c++) + shmfree (shm[c].id); +} + +/* + * allocate shared memory (poor but fast IPC) + * the value returned is a pointer to the allocated + * memory, which is suitably aligned for any kind of + * variable, or NULL if the request fails. + * + * TODO: on SVR4 use open("/dev/zero", O_RDWR); and mmap trick for speedup + */ +void * +shmalloc (int flag, size_t length) +{ + void *shm_addr; + int c = 0; + + if (shm_c == -1) /* init all the internal shm stuff */ + { + atexit (shmkillall); + shm_c = 0; + } + + if (shm_c >= MAXSHM) + return (NULL); /* no space left in list. no bscan ?? */ + + if (flag == 0) + flag = (IPC_CREAT | IPC_EXCL | SHM_R | SHM_W); + + while (c < SHMMNI) /* brute force a NEW shared memory section */ + if ((shm_id = shmget (getpid () + c++, length, flag)) != -1) + break; + else + return (NULL); + + if ((shm_addr = shmat (shm_id, NULL, 0)) == NULL) + return (NULL); + + shm[shm_c].id = shm_id; + shm[shm_c].ptr = shm_addr; + shm_c++; /* increase shm-counter */ + + return (shm_addr); +} + +#ifdef WITH_NANOSLEEP +/* add lib '-lrt' */ +/* + * nanosec must be in the range 0 to 999 999 999 + * ..we dont care about signals here... + */ +void +do_nanosleep (time_t sec, long nsec) +{ + struct timespec mynano; + mynano.tv_sec = sec; + mynano.tv_nsec = nsec; + nanosleep (&mynano, NULL); +} +#endif + + +/* + * xchange data p1 <-> p2 of length len + */ +void +xchange (void *p1, void *p2, int len) +{ + unsigned char buf[len]; + + memcpy (buf, p1, len); + memcpy (p1, p2, len); + memcpy (p2, buf, len); +} + +/* + * calculate time-difference now - in + * and return diff in 'now' + */ +void +time_diff (struct timeval *in, struct timeval *now) +{ + if ((now->tv_usec -= in->tv_usec) < 0) + { + now->tv_sec--; + now->tv_usec += 1000000; + } + now->tv_sec -= in->tv_sec; +} + +/* + * converts a 'esc-sequenced' string to normal string + * return string in dst. + * returns 0 on success + * todo: \ddd decoding + */ +int +ctoreal(char *src, char *dst) +{ + char c; + + if ((src == NULL) || (dst == NULL)) + { + dst = NULL; + return(0); /* yes, its ok. */ + } + + while (*src != '\0') + if (*src == '\\') + { + switch((c = *++src)) + { + case 'n': + *dst++ = '\n'; + break; + case 'r': + *dst++ = '\r'; + break; + case 't': + *dst++ = '\t'; + break; + case '\\': + *dst++ = '\\'; + break; + case 's': + *dst++ = ' '; + break; + default: + *dst++ = c; + /* printf("unknown escape sequence 0x%2.2x\n", c);*/ + break; + } + src++; + } else + { + *dst++ = *src++; + } + *dst = '\0'; + return(0); +} + + +/* + * parse data, format data and print to fd (only prinatable chars) + * supress \r, nonprintable -> '_'; + * output line by line [\n] with 'prefix' before each line. + * prefix is a 0-terminated string + */ +void +save_write(FILE *fd, char *prefix, unsigned char *data, int data_len) +{ + int c; + unsigned char *ptr = data; + unsigned char *startptr = data; + const char trans[] = + "................................ !\"#$%&'()*+,-./0123456789" + ":;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklm" + "nopqrstuvwxyz{|}~...................................." + "....................................................." + "........................................"; + + + if (prefix == NULL) + prefix = ""; + + for (c = 0; c < data_len; c++) + { + if (*data == '\r') /* i dont like these */ + { + data++; + continue; + } + if (*data == '\n') + { + *ptr = '\0'; + fprintf (fd, "%s%s\n", prefix, startptr); + startptr = ++data; + ptr = startptr; + continue; + } + + *ptr++ = trans[*data++]; + + } + + if (ptr != startptr) + { + *ptr = '\0'; + fprintf (fd, "%s%s\n", prefix, startptr); + } + +} + +/* + * check if data contains any non-printable chars [except \n] + * return 0 if yes,,,,1 if not. + */ +int +isprintdata(char *ptr, int len) +{ + char c; + + while(len-- > 0) + { + c = *ptr++; + if (c == '\n') + continue; + if (!isprint((int)c)) + return(0); + } + + return(1); +} + +/* + * convert some data into hex string + * We DO 0 terminate the string. + * dest = destination + * destlen = max. length of dest (size of allocated memory) + * data = (non)printable input data + * len = input data len + * return 0 on success, 1 if data does not fit into dest, -1 on error + */ +int +dat2hexstr(unsigned char *dest, unsigned int destlen, unsigned char *data, + unsigned int len) +{ + unsigned int i = 0; + unsigned int slen = 0; + unsigned char *ptr = dest; + unsigned char c; + char hex[] = "0123456789ABCDEF"; + + memset(dest, '\0', destlen); + + while (i++ < len) + { + c = *data++; + if (slen + 3 < destlen) + { + *dest++ = hex[c / 16]; + *dest++ = hex[c % 16]; + *dest++ = ' '; + slen += 3; + ptr += 3; + } else { + return(1); + } + } + + return(0); +} + + +/* dat2strip + * + * print the data at `data', which is `len' bytes long to the char + * array `dest', which is `destlen' characters long. filter out any + * non-printables. NUL terminate the dest array in every case. + * + * return the number of characters written + */ + +int +dat2strip(unsigned char *dest, unsigned int destlen, unsigned char *data, + unsigned int len) +{ + unsigned char *dp; + + for (dp = dest ; dp - dest < destlen && len > 0 ; --len, ++data, ++dp) { + if (isprint (*data)) + *dp = *data; + } + + if (dp - dest < destlen) + *dp = '\0'; + dest[destlen - 1] = '\0'; + + return (dp - dest); +} + + diff --git a/other/b-scan/tmp/src/test_garage.c b/other/b-scan/tmp/src/test_garage.c new file mode 100644 index 0000000..06acf61 --- /dev/null +++ b/other/b-scan/tmp/src/test_garage.c @@ -0,0 +1,99 @@ +/* test_garage.c - test program for the garage module + * + * by scut / teso + */ + +#include +#include +#include +#include +#include + + +void +cleaner_t (ip_list *il); + +int +main (int argc, char *argv[]) +{ + int data_len; + unsigned char * data; + unsigned long int ip, + gip = 0; + unsigned long int ips; + garage_hdlr * hdl; + unsigned long int maxkeep; + + printf ("mg_cidr_getmask (20) = 0x%08lx\n", mg_cidr_getmask (20)); + printf ("mg_cidr_getmask (0xffffffc0) = 0x%08lx\n", mg_cidr_getmask (0xffffffc0)); + + if (argc < 2 || sscanf (argv[1], "%lu", &ips) != 1) { + printf ("usage: %s [maxkeep]\n\n", argv[0]); + + exit (EXIT_FAILURE); + } + if (argc == 3 && sscanf (argv[2], "%lu", &maxkeep) != 1) + exit (EXIT_FAILURE); + + srand (time (NULL)); + hdl = mg_init ("footest", maxkeep, cleaner_t); + + printf ("mg_cidr_getmask (0) = 0x%08lx\n", mg_cidr_getmask (0)); + + mg_write (hdl, 2048, "foobar", 7, 0); + mg_write (hdl, 2050, "foobar", 7, 0); + mg_write (hdl, 101911, "foobar", 7, 0); + mg_write (hdl, 28914191, "foobar", 7, 0); + printf ("mg_cidr_count (hdl, 2048, 32) = %lu\n", mg_cidr_count (hdl, 2048, 32)); + printf ("mg_cidr_count (hdl, 2048, 31) = %lu\n", mg_cidr_count (hdl, 2048, 31)); + printf ("mg_cidr_count (hdl, 2048, 30) = %lu\n", mg_cidr_count (hdl, 2048, 30)); + printf ("mg_cidr_count (hdl, 2048, 13) = %lu\n", mg_cidr_count (hdl, 2048, 13)); + printf ("mg_cidr_count (hdl, 2048, 0) = %lu\n", mg_cidr_count (hdl, 2048, 0)); + + + ip = 123; + mg_write (hdl, ip, "foo", 4, 0); + mg_read (hdl, ip); + mg_clean (hdl, ip, NULL); + + do { + ip = rand (); + + data_len = rand () % 64; + data_len += 1; /* avoid allocating zero bytes */ + data = malloc (data_len); + memset (data, '\x73', data_len); + data[data_len - 1] = '\0'; + + mg_write (hdl, ip, (void *) data, data_len, 1); + if (ips % 137 == 0) + gip = ip; + + if (ips % 139 == 0) + (void) mg_read (hdl, gip); + + ips -= 1; + if (ips % 5000 == 0) + mg_show (hdl); + + } while (ips > 0); + + mg_show (hdl); + mg_destroy (hdl, 0); + + exit (EXIT_SUCCESS); +} + + +void +cleaner_t (ip_list *il) +{ + if ((rand () % 20000) == 0) + printf ("cleaner_t: il = 0x%08lx IP = 0x%08lx\n", + (unsigned long int) il, + il->ip); + + return; +} + + diff --git a/other/b-scan/tmp/src/tty.c b/other/b-scan/tmp/src/tty.c new file mode 100644 index 0000000..5c99b7f --- /dev/null +++ b/other/b-scan/tmp/src/tty.c @@ -0,0 +1,116 @@ +/* + * most of this stuff is ripped from solar's excelent john-1.6 source + */ +#include +#include +#include + +#include +#include +#include + +static int tty_fd = 0; +static int tty_buf = -1; +static struct termios saved_ti; + + +/* + * Reads a character, returns -1 if no data available or on error. + */ +int +tty_getchar () +{ + int c; + + /* + * process buffer first + */ + if (tty_buf != -1) + { + c = tty_buf; + tty_buf = -1; + return (c); + } + + if (tty_fd) + { + c = 0; + if (read (tty_fd, &c, 1) > 0) + return c; + } + + return (-1); +} + +/* + * check if someone pressed a key + * Actually we do a read on the fd and store the result in a buffer + * todo: check with ioctl if data is pending + * return 1 is data is pending, 0 if not + */ +int +tty_ischar () +{ + if (tty_buf != -1) + return (1); + + if ((tty_buf = tty_getchar ()) != -1) + return (1); + + return (0); +} + + +/* + * Restores the terminal parameters and closes the file descriptor. + */ +void +tty_done () +{ + int fd; + + if (!tty_fd) + return; + + fd = tty_fd; + tty_fd = 0; + tcsetattr (fd, TCSANOW, &saved_ti); + + close (fd); +} + + +/* + * Initializes the terminal for unbuffered non-blocking input. Also registers + * tty_done() via atexit(). + */ +void +tty_init () +{ + int fd; + struct termios ti; + + if (tty_fd) + return; + + if ((fd = open ("/dev/tty", O_RDONLY | O_NONBLOCK)) < 0) + return; + + if (tcgetpgrp (fd) != getpid ()) + { + close (fd); + return; + } + + tcgetattr (fd, &ti); + saved_ti = ti; + ti.c_lflag &= ~(ICANON | ECHO); + ti.c_cc[VINTR] = 3; /* CTRL-C is INTR */ + ti.c_cc[VMIN] = 1; + ti.c_cc[VTIME] = 0; + tcsetattr (fd, TCSANOW, &ti); + + tty_fd = fd; + + atexit (tty_done); +} -- cgit v1.3